
test trivy fix
DaMandal0rian committed Dec 21, 2024
1 parent cf8f8ef commit 03fe665
Showing 1 changed file with 49 additions and 46 deletions.
95 changes: 49 additions & 46 deletions .github/workflows/trivy-security-scan.yml
Expand Up @@ -6,8 +6,11 @@
name: trivy-security-scan

on:
repository_dispatch:
types: [trivy-scan-dispatch]
push:
branches:
- 'bump-trivy-fix'
# repository_dispatch:
# types: [trivy-scan-dispatch]

jobs:
trivy_scan:
Expand All @@ -21,59 +24,59 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

# Image availability check with retry logic
- name: Check Docker image availability with retry
id: check-image
if: github.event.client_payload.image != ''
run: |
image="${{ github.event.client_payload.image }}"
interval=300
retry_limit=5
attempt=0
# - name: Check Docker image availability with retry
# id: check-image
# if: github.event.client_payload.image != ''
# run: |
# image="${{ github.event.client_payload.image }}"
# interval=300
# retry_limit=5
# attempt=0

while ! docker pull $image; do
attempt=$((attempt + 1))
if [ "$attempt" -gt "$retry_limit" ]; then
echo "::error::Image $image is not available after $retry_limit attempts."
exit 1
fi
# while ! docker pull $image; do
# attempt=$((attempt + 1))
# if [ "$attempt" -gt "$retry_limit" ]; then
# echo "::error::Image $image is not available after $retry_limit attempts."
# exit 1
# fi

echo "Waiting for $image to be available. Attempt $attempt/$retry_limit. Retrying in $interval seconds..."
sleep $interval
done
# echo "Waiting for $image to be available. Attempt $attempt/$retry_limit. Retrying in $interval seconds..."
# sleep $interval
# done

echo "Image $image is now available."
# echo "Image $image is now available."

# Image scanning
- name: Run Trivy vulnerability scanner on image
if: github.event.client_payload.image != ''
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
with:
version: 'v0.57.2'
image-ref: ${{ github.event.client_payload.image }}
cache: 'true'
format: "sarif"
output: "trivy-image-results.sarif"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
env:
TRIVY_CACHE_DIR: .cache/trivy
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
# - name: Run Trivy vulnerability scanner on image
# if: github.event.client_payload.image != ''
# uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
# with:
# version: 'v0.57.2'
# image-ref: ${{ github.event.client_payload.image }}
# cache: 'true'
# format: "sarif"
# output: "trivy-image-results.sarif"
# exit-code: "1"
# ignore-unfixed: true
# vuln-type: "os,library"
# severity: "CRITICAL,HIGH"
# env:
# TRIVY_CACHE_DIR: .cache/trivy
# TRIVY_SKIP_DB_UPDATE: true
# TRIVY_SKIP_JAVA_DB_UPDATE: true

# Upload image scan results
- name: Upload Trivy image scan results
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
sarif_file: "trivy-image-results.sarif"
category: trivy-image
# # Upload image scan results
# - name: Upload Trivy image scan results
# uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
# with:
# sarif_file: "trivy-image-results.sarif"
# category: trivy-image

# Filesystem scanning
- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
with:
version: 'v0.57.2'
version: 'latest'
scan-type: 'fs'
cache: 'true'
format: 'sarif'
Expand All @@ -82,8 +85,8 @@ jobs:
ignore-unfixed: true
env:
TRIVY_CACHE_DIR: .cache/trivy
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
# TRIVY_SKIP_DB_UPDATE: true
# TRIVY_SKIP_JAVA_DB_UPDATE: true

# Upload filesystem scan results
- name: Upload Trivy filesystem scan results
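Review bot: `version: 'latest'` on the filesystem-scan step replaces the pinned `v0.57.2`, so the scanner binary is no longer reproducible and any Trivy release can change findings or break the job without a commit in this repo, while the surrounding actions are still pinned by SHA; pin the exact version that was tested (`version: 'vX.Y.Z'`) and let Dependabot/Renovate bump it. The `push` trigger on `bump-trivy-fix` with `repository_dispatch` commented out reads as test scaffolding and should be reverted before merge, otherwise dispatched image scans silently stop running. Dropping `TRIVY_SKIP_DB_UPDATE`/`TRIVY_SKIP_JAVA_DB_UPDATE` while keeping `cache: 'true'` looks like the right direction, since with skip-update set a cached DB presumably never refreshed, but the same two variables remain on the now commented-out image-scan step and would reintroduce the stale-DB scan when it is re-enabled. The filesystem-scan step's `with:` block continues between the hunks, outside what is shown here.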
